inline-signing: SOA serial out of sync
Axel Rau
Axel.Rau at Chaos1.DE
Tue Jun 19 15:33:46 UTC 2018
> Am 14.06.2018 um 18:30 schrieb Axel Rau <Axel.Rau at chaos1.de>:
>
> I include the zone file with the 2 included files, a AXFR dump of it and the options and zone statement (which is not in a view) of the server config in a zip archiv.
I saw no comments on the provided data, so I assume, nobody has a clue on this.
To summarise:
Occasionally it happens after rndc reload that the serial in the zone file is bigger than that in served SOA.
In this case, named begins serving stale data.
Probability for this to happen increases with size of the journal file.
I’m using auto-dnssec maintain; inline-signing yes; serial-update-method increment;
The ARM does not state clearly, which is the base of the increment if the zone file changes (file or internal).
In my case, the served serial is based on the zone file and usually bigger than that.
Question: Could the problem arise by incrementing the serial without changing the zone data?
(Occasionally this could happen with my script)
I have upgraded to bind 9.12.1P2 and look forward. . .
Thanks, Axel
---
PGP-Key:29E99DD6 ☀ computing @ chaos claudius
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 556 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180619/349b8a0b/attachment.bin>
More information about the bind-users
mailing list